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What is ISO/IEC 27001? 


ISO/IEC 27001 is an international standard for implementing an information security management system (ISMS) 
published by the International Organization for Standardization's (ISO) and International Electrotechnical 
Commission (IEC). ISO releases management system standards to help organizations organize business processes 
and procedures to achieve specific objectives. The ISO/IEC 27001 standard enables organizations to secure sensitive 
data and reduce the risk of cyber attacks by outlining a set of globally accepted management procedures and 
information security controls. 


Adoption vs Certification 


The ISO/IEC 27001 standard is widely used as a set of best practices for organizations to leverage while building 
out an information security management system. When implemented correctly, these best practices can help 
improve information security posture and establish trust trust with customers. Some organizations may choose to 
pursue a certified ISMS and have their ISMS assessed by a third party auditor. Although not mandatory, an ISO/IEC 
27001 Certification is valued by customers as means to validate the information security controls and management 
procedures for the organization. What is ISO/IEC 27001? 


ISO/IEC 27001 certification audits take place every three years, however organizations must also complete annual 
surveillance audits between certification years. 


How does an ISO/IEC 27001 Certification benefit customers? 


An ISO/IEC 27001 certification serves as lense into an organization's information security environment. In 
combination with the company's Statement of Applicability (SoA) customers or prospects can rest assured that 
fundamental procedures and controls are in place to protect their data by means of a formal information security 
management system. 


Understanding the Certification? 


In order to obtain an ISO/IEC 27001 certification, an organization's information security management system must 
meet the criteria established by the management clauses defined by the ISO/IEC 27001 standard. In addition to the 
management clauses, there are 114 information security controls that may be included or omitted based on the 
risks the organization faces. Organizations must complete a risk assessment or gap analysis to identify these risks 
and in turn document the justification for inclusion/omission in the Statement of Applicability. Both the certification 
and Statement of Applicability are essential to understanding the security measures an organization has taken. 


ISO/IEC 27001 at Cloudflare 


Cloudflare’s ISMS has been assessed and certified by a third party auditor. Our official certification and Statement of 
Applicability are available upon request. 


For more information on our ISO/IEC 27001 certification and other security validations Cloudflare has received 
please visit https://www.cloudflare.com/compliance/ or reach out to your sales representative. 
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